Re:Kevin O'Connor: Innovation=Annoying Ripoff (on The Map of Innovation) · Score: 2, Insightful
And I agree with you about the merit of O'Connor's business ventures. However, they've been profitable and generally successful.
I see his book as a helpful aid to thinking. Read about hiring good people or developing a business plan and then think about what I could do differently or better.
The people who are truly successful and innovative probably aren't interested right now in writing books about how they achieved their success. They're too busy to give advice in print. I bet that we'll see a raft of books from such people once they start retiring or settling down. That's what Sam Walton did. In the meantime, I'll take what I can get.
It's ironic that he's registered his domain with Wild West Domains, a Go Daddy reseller.
My last job was in online banking. I found a potential phishing hole that could be exploited easily and brought it to management's attention before I left the company. A month or two later and nothing had been done to close it.
I kept up with a colleague there who related that an actual phishing exploit had occurred (not through the hole I reported) and was reported by a member. Apparently, management was in a tizzy and thrashing about madly. It was suddenly priority #1 and no one worked on anything else until it was patched. This comports with my experiences about previous security holes.
So yeah, report them. Especially if it's to a smaller institution who might not otherwise hear of it.
I think his document applies exclusively to the use of metadata on the Web. I would agree with his points about that.
I currently run a MovableType blog, a WordPress blog (two, actually: 1.2 and 1.5), and a TextPattern site. I've evaluated all of the options and TextPattern is the cleanest, best designed lightweight CMS of the bunch.
http://www.textpattern.com/
Ugh, bad link:
http://money.cnn.com/2004/10/06/technology/cheney_soros/
Cheney did it in his debate:
http://money.cnn.com/2004/10/06/technology/cheney_soros/
I'm a developer on an online banking system and we're using forms authentication (the web.config file technique as you call it).
From what I've seen, IIS 6 and URLScan protect against this vulnerability. Plus, denying all anonymous users throughout the site and opening up only certain pages to anonymous users also seems to prevent this from happening.
I tested our system thoroughly when I heard about this exploit and it didn't break. I don't know why Microsoft is saying that you have to add stuff to Global.asax. Maybe we're using forms authentication a little differently than most.
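The "deny all anonymous users, then open up only certain pages" layout the commenter describes looks like the following in an ASP.NET 1.x web.config. This is an added illustration, not the commenter's own configuration; the cookie name, page names and timeout are assumed for the example.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests are redirected to loginUrl.
         requireSSL and protection="All" keep the ticket cookie encrypted, signed
         and off plain HTTP. Names and timeout are assumed values for this example. -->
    <authentication mode="Forms">
      <forms name=".BANKAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             slidingExpiration="false"
             timeout="20" />
    </authentication>

    <!-- Site-wide default: "?" is the anonymous (unauthenticated) user.
         Rules are evaluated top to bottom and the first match wins, so this
         single deny applies to every URL that no <location> below overrides. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Each page that must be reachable before login gets its own override.
       Location rules are merged ahead of the site-wide rules, so the allow
       here matches before the deny above. "*" means all users, anonymous included. -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="ForgotPassword.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Keep the exception list to specific pages rather than whole directories: a site-wide `<deny users="?" />` with narrow `<location>` openings means any page you forget to list fails closed, which is the property the commenter is relying on.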
She was good in Crazy/Beautiful also.
My favorite part of the gag was when they said that the Googlunaplex would feature "a sushi chef formerly employed by the pop group Hanson." Maybe it's just my love of self-referential deprecations.
This seems relevant, though perhaps less thoughtful:
Discovery
iTunes has an icon file for Ogg and WMA. You can find it by opening up the package contents of iTunes and looking in the Resources folder. There they are, plain as day!
I submitted the story on January 1st. It was delayed for some reason.
They were definitely looking at using Gecko and indicated in interviews that 5.0 would probably be based on it because they were spending too much development time on their rendering engine. When Apple announced Safari, they realized that WebCore was a much better engine for integration than Gecko and so they switched over.
Furthermore, they are still using some of their own rendering engine. If you look at a page in Safari and OmniWeb, you'll notice that they're different looking though basically the same. I believe OmniWeb does some font work or something like that.
The problem, I think, is that most people don't want to have to format their media before first use. It's convenient to just insert any card and start snapping pictures.
The behavior you suggest is exactly what would happen, but I doubt that any media manufacturer would do this because it would represent a substantial barrier for most people.
I'm sure that this licensing scheme is just a trial balloon to see how much money they can garner. Once the coffers start to fill, you know that they have plans to start shaking down other FAT consumers.
Google News search for "MSN Newsbot"
vs.
MSN Newsbot search for "Google News"
It's a very telling search that compares the two services rather nicely.
Favorite line from the article: "It is much harder to fool people with a website." If only that were true.
There's speculation that Google may be running a parallel index because it has run out of numbers available in C for the current index. Which is a fascinating oversight if true!
I agree completely. I reviewed this for Slashdot because I thought for sure that people here would be interested in entrepreneurship. I figured that there were probably hundreds of people itching to start up their own companies and that we could have an interesting discussion along those lines about the practical matters, funding problems, what sort of ideas have the most merit, etc.
I was wrong.
I agree with you to a point. I've fallen into the trap of overthinking something to the point of paralysis instead of just going out and doing it. In this instance, I have a good idea and this book looked like it might offer some practical advice for me to develop it. I've read other books in the past (when I was without a good, solid business idea) and they always seemed "too pie in the sky" as you said.
This book is different from those and I thought that other Slashdotters might be interested in it.
I was going to say ubiquitous utility like power but recent events convinced me to go with the phone system. Heh
DoubleClick has tried some serious privacy-infringing ideas in the past and I assumed that the average Slashdot reader would be familiar with its infamous attempts.
My browser, OmniWeb, comes with a default RegEx to block its ads: "/.*\.doubleclick\.net/" This is enabled automatically.
O'Connor agrees with you to a point. He says that there are businesses where technology isn't imperative (retail being the most notable). But those businesses are exposed to risk because a competitor could come along that uses technology in an innovative way and could have lower costs, quicker delivery, and better service. Those spell doom in a competitive setting.
After the PowerMac G5, I'm not sure I'd ever want to buy an Apple with such a sluggish bus speed no matter how nice it was.